Problem z wysłaniem danych do bazy

0

Mam taki kod jak poniżej, i nie działa wysyłanie tzn zrobienie "Update" do bazy danych sekcji "Add payment" - normalnie pokazuje się to co jest w bazie dodane ręcznie bezpośrednio do mysql ale nie potrafię napisać kodu, napisałem go chyba źle, żeby wysłać za pomocą tego formularza danych że ktoś zapłacił. Ale jak wyciągam dane (też na tej stronie ) które dodałem ręcznie do sql to się ładnie pokazują na stronie tylko tamta sekcja nie działa Proszę o pomoc bo jestem baaardzo początkujący i już siedze trzy dni nad tym :(

<?php
include("header.php");
$id = $_GET['id'];
if(!is_numeric($id)) {
die('lol');
}
if (!($user -> isAdmin($odb)))
{
	header('location: ../index.php');
	die();
}
$SQLGetInfo = $odb -> prepare("SELECT * FROM `users` WHERE `ID` = :id LIMIT 1");
$SQLGetInfo -> execute(array(':id' => $_GET['id']));
$userInfo = $SQLGetInfo -> fetch(PDO::FETCH_ASSOC);
$username = $userInfo['username'];
$email = $userInfo['email'];
$rank = $userInfo['rank'];
$membership = $userInfo['membership'];
$status = $userInfo['status'];	
$expire = $userInfo['expire'];
$premium = $userInfo['Premium'];


$SQLGetPass = $odb -> prepare("SELECT * FROM `rusers` WHERE `user` = :username LIMIT 1");
$SQLGetPass -> execute(array(':username' => $username));
$userPass = $SQLGetPass -> fetch(PDO::FETCH_ASSOC);
$realPass = "Disabled";
?>
            <div class="page-content">

                <div class="container">
<?php
	   if (isset($_POST['update']))
	   {
		$update = false;
		if ($username!= $_POST['username'])
		{
			if (ctype_alnum($_POST['username']) && strlen($_POST['username']) >= 4 && strlen($_POST['username']) <= 15)
			{
				$SQL = $odb -> prepare("UPDATE `users` SET `username` = :username WHERE `ID` = :id");
				$SQL -> execute(array(':username' => $_POST['username'], ':id' => $id));
				$update = true;
				$username = $_POST['username'];
			}
			else
			{
				$error = 'Username has to be 4-15 characters in length and alphanumeric';
			}
		}
		if (!empty($_POST['password']))
		{
			$SQL = $odb -> prepare("UPDATE `users` SET `password` = :password WHERE `ID` = :id");
			$SQL -> execute(array(':password' => SHA1(md5($_POST['password'])), ':id' => $id));
			$update = true;
			$SQLxD = $odb -> prepare("UPDATE `rusers` SET `password` = :password WHERE `user` = :username");
			$SQLxD -> execute(array(':password' => $_POST['password'], ':username' => $username));
		}
		if ($email != $_POST['email'])
		{
			if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL))
			{
				$SQL = $odb -> prepare("UPDATE `users` SET `email` = :email WHERE `ID` = :id");
				$SQL -> execute(array(':email' => $_POST['email'], ':id' => $id));
				$update = true;
				$email = $_POST['email'];
			}
			else
			{
				$error = 'Email is invalid';
			}
		}
		if ($rank != $_POST['rank'])
		{
			$SQL = $odb -> prepare("UPDATE `users` SET `rank` = :rank WHERE `ID` = :id");
			$SQL -> execute(array(':rank' => $_POST['rank'], ':id' => $id));
			$update = true;
			$rank = $_POST['rank'];
		}

		if ($rank = $_POST['rank'])
		{
			$SQL = $odb -> prepare("INSERT INTO `payments` VALUES(:paid, :plan, :user, :email, :tid, :date");
			$SQL -> execute(array(':paid' => $_POST['paid'], ':plan' => $_POST['plan'], ':user' => $_POST['user'], ':email' => $_POST['email'], ':tid' => $_POST['tid'], ':date' => $_POST['date']));
			$update = true;
			
		}
		
		if ($premium != $_POST['premium'])
		{
			$SQL = $odb -> prepare("UPDATE `users` SET `Premium` = :premium WHERE `ID` = :id");
			$SQL -> execute(array(':premium' => $_POST['premium'], ':id' => $id));
			$update = true;
			$premium = $_POST['premium'];
		}

		if ($expire != strtotime($_POST['expire']))
		{
			$SQL = $odb -> prepare("UPDATE `users` SET `expire` = :expire WHERE `ID` = :id");
			$SQL -> execute(array(':expire' => strtotime($_POST['expire']), ':id' => $id));
			$update = true;
			$expire = strtotime($_POST['expire']);
		}
		if ($membership != $_POST['plan'])
		{
			if ($_POST['plan'] == 0)
			{
				$SQL = $odb -> prepare("UPDATE `users` SET `expire` = '1731319800', `membership` = '0' WHERE `ID` = :id");
				$SQL -> execute(array(':id' => $id));
				$update = true;
				$membership = $_POST['plan'];
			}
			else
			{
				$getPlanInfo = $odb -> prepare("SELECT `unit`,`length` FROM `plans` WHERE `ID` = :plan");
				$getPlanInfo -> execute(array(':plan' => $_POST['plan']));
				$plan = $getPlanInfo -> fetch(PDO::FETCH_ASSOC);
				$unit = $plan['unit'];
				$length = $plan['length'];
				$newExpire = strtotime("+{$length} {$unit}");
				$updateSQL = $odb -> prepare("UPDATE `users` SET `expire` = :expire, `membership` = :plan WHERE `id` = :id");
				$updateSQL -> execute(array(':expire' => $newExpire, ':plan' => $_POST['plan'], ':id' => $id));
				$update = true;
				$membership = $_POST['plan'];
			}
		}
		if ($status != $_POST['status'])
		{
			$SQL = $odb -> prepare("UPDATE `users` SET `status` = :status WHERE `ID` = :id");
			$SQL -> execute(array(':status' => $_POST['status'], ':id' => $id));
			$update = true;
			$status = $_POST['status'];
			$reason = $_POST['reason'];
			$SQLinsert = $odb -> prepare('INSERT INTO `bans` VALUES(:username, :reason)');
			$SQLinsert -> execute(array(':username' => $username, ':reason' => $reason));
			@file_get_contents('http://clubsproducts.tk/blacklist/api.php?action=post&email='.$email);
		}
		if ($update == true)
		{
echo success('User Has Been Updated');
		}
		else
		{
echo error('Nothing has been updated');
		}
		if (!empty($error))
		{
			echo error($error);
		}
	   }
?>	
                    <div class="page-toolbar">
                        
                        <div class="page-toolbar-block">
                            <div class="page-toolbar-title"><?php echo htmlspecialchars($username); ?></div>
                            <div class="page-toolbar-subtitle"><?php echo htmlspecialchars($email); ?></div>
                        </div>
                        
                        <ul class="breadcrumb">
                            <li><a href="index.php">Dashboard</a></li>
                            <li class="active">View User</li>
                        </ul>                        
                        
                    </div>                    
                    <div class="row">
                        <div class="col-md-6">
                            <div class="block">
                                <div class="block-content">
                                    <h2><strong>User</strong> Settings</h2>
                                </div>
                                <div class="block-content controls">
                                    <form method="post">
                                    <div class="row-form">
                                        <div class="col-md-4"><strong>Username:</strong></div>
                                        <div class="col-md-8"><input type="text" class="form-control" name="username" value="<?php echo htmlspecialchars($username); ?>"/></div>
                                    </div>
                                    <div class="row-form">
                                        <div class="col-md-4"><strong>Email:</strong></div>
                                        <div class="col-md-8"><input type="text" class="form-control" name="email" value="<?php echo htmlspecialchars($email); ?>"/></div>
                                    </div>
									<div class="row-form">
                                        <div class="col-md-4"><strong>Password:</strong></div>
                                        <div class="col-md-8"><input type="text" class="form-control tip" value="<?php echo $realPass; ?>" disabled /></div>
                                    </div>
                                    <div class="row-form">
                                        <div class="col-md-4"><strong>New Password:</strong></div>
                                        <div class="col-md-8"><input type="password" class="form-control tip" title="Leave empty if you don't wish to update user's password" name="password"/></div>
                                    </div>
									 <div class="row-form">
                                        <div class="col-md-4"><strong>Premium:</strong></div>
                                        <div class="col-md-8"><input type="text" class="form-control" value="<?php echo htmlspecialchars($premium); ?>" name="premium"/></div>
                                    </div>
                                    <div class="row-form">
                                        <div class="col-md-4"><strong>Rank:</strong></div>
                                        <div class="col-md-8">
<?php
function selectedR($check, $rank)
{
	if ($check == $rank)
	{
		return 'selected="selected"';
	}
}
?>
                                            <select name="rank" class="form-control">
              	  <option value="1" <?php echo selectedR(1, $rank); ?> >Admin</option>				 
              	  <option value="2" <?php echo selectedR(2, $rank); ?> >Supporter</option>
			  <option value="3" <?php echo selectedR(3, $rank); ?> >VIP</option>
              	  <option value="0" <?php echo selectedR(0, $rank); ?> >User</option>
                                            </select>
                                        </div>
                                    </div>
                                    <div class="row-form">
                                        <div class="col-md-4"><strong>Plan:</strong></div>
                                        <div class="col-md-8">
                                            <select name="plan" class="form-control">
                    <option value="0">No Membership</option>

<?php 
$SQLGetMembership = $odb -> query("SELECT * FROM `plans`");
while($memberships = $SQLGetMembership -> fetch(PDO::FETCH_ASSOC))
{
	$mi = $memberships['ID'];
	$mn = $memberships['name'];
	$selectedM = ($mi == $membership) ? 'selected="selected"' : '';
	echo '<option value="'.$mi.'" '.$selectedM.'>'.$mn.'</option>';
}
?>
                                            </select>
                                        </div>
                                    </div>
                                    <div class="row-form">
                                        <div class="col-md-4"><strong>Status:</strong></div>
                                        <div class="col-md-8">
                                            <select name="status" class="form-control">
<?php
function selectedS($check, $rank)
{
	if ($check == $rank)
	{
		return 'selected="selected"';
	}
}
?>
                	<option value="0" <?php echo selectedR(0, $status); ?> >Active</option>
                    <option value="1" <?php echo selectedR(1, $status); ?> >Banned</option>
                                            </select>
                                        </div>
                                    </div>
                                    <div class="row-form">
                                        <div class="col-md-4"><strong>Ban Reason:</strong></div>
                                        <div class="col-md-8"><input type="text" class="form-control tip" title="leave empty if the user is not banned" name="reason"/></div>
                                    </div>
                                    <div class="row-form">
                                        <div class="col-md-4"><strong>Expiration Date:</strong></div>
                                        <div class="col-md-8"><input type="text" class="form-control" value="<?php echo date("d-m-Y", $expire); ?>" name="expire"/></div>
                                    </div>

				<div class="row-form">
                                        <div class="col-md-4"><strong>Add payment</strong></div> <br>
                    <div class="col-md-8"><input type="text" class="form-control" placeholder="Insert user ID" value="" name="user"/></div>
					<div class="col-md-8"><input type="text" class="form-control" placeholder="Insert email" value="" name="email"/></div>
					<div class="col-md-8"><input type="text" class="form-control" placeholder="Insert amount" value="" name="paid"/></div>
					<div class="col-md-8"><input type="text" class="form-control" placeholder="Insert data (unix timestamp)" value="" name="date"/></div>
					<div class="col-md-8"><input type="text" class="form-control" placeholder="Insert ID PLAN" value="" name="plan"/></div>
                                        <div class="col-md-8"><input type="text" class="form-control" placeholder="Insert transaction id" value="" name="tid"/></div>
					


                                    </div>




									<center><button name="update" class="btn btn-success">Update</button></center>
                                </div>
                                
                            </div>
                        </div>
                        <div class="col-md-6">
                                <div class="block">
                                    <ul class="nav nav-tabs nav-justified">
                                        <li class="active"><a href="#tab1" data-toggle="tab">Payments</a></li>
                                        <li><a href="#tab2" data-toggle="tab">Attacks</a></li>
                                        <li><a href="#tab3" data-toggle="tab">Logins</a></li>
                                    </ul>
                                    <div class="block-content tab-content">
                                        <div class="tab-pane active" id="tab1">
<p>
                                    <table class="table table-striped">
                                        <tr>
                    <th>Plan</th>
                    <th>Email</th>
                    <th>Transaction ID</th>
                    <th>Date</th>
                  </tr>
                </thead>
                <tbody>
				<form method="post">
<?php
$SQLSelect = $odb -> query("SELECT * FROM `payments` WHERE `user` = '$id' ORDER BY `ID` DESC LIMIT 5");
while ($show = $SQLSelect -> fetch(PDO::FETCH_ASSOC))
{
$paid = $show['paid'];
$plan = $odb->query("SELECT `name` FROM `plans` WHERE `ID` = '{$show['plan']}'")->fetchColumn(0);
$tid = $show['tid'];
$email = $show['email'];
$date = date("m-d-Y, h:i:s a" ,$show['date']);
echo '<tr><td><strong>'.htmlentities($plan).'($'.htmlentities($paid).')</strong></td><td>'.htmlentities($email).'</td><td>'.htmlentities($tid).'</td><td>'.htmlentities($date).'</td></tr>';
}
?>
</form>
                                        </tr>                                       
                                    </table>
</p>
                                        </div> 
                                        <div class="tab-pane" id="tab2">
<p>
                                    <table class="table table-striped">
                                        <tr>
                    <th>Host</th>
                    <th>Time</th>
                    <th>User</th>
                    <th>Date</th>
                  </tr>
                </thead>
                <tbody>
				<form method="post">
<?php
$SQLSelect = $odb -> query("SELECT * FROM `logs` WHERE `user` = '$username' ORDER BY `ID` DESC LIMIT 5");
while ($show = $SQLSelect -> fetch(PDO::FETCH_ASSOC))
{
$ip = $show['ip'];
$port = $show['port'];
$time = $show['time'];
$method = $show['method'];
$date = date("m-d-Y, h:i:s a" ,$show['date']);
echo '<tr><td><strong>'.htmlentities($ip).':'.htmlentities($port).'</strong></td><td>'.htmlentities($time).' Sec</td><td>'.htmlentities($method).'</td><td>'.htmlentities($date).'</td></tr>';
}
?>
</form>
                                        </tr>                                       
                                    </table>
</p>
                                        </div>  
                                        <div class="tab-pane" id="tab3">
<p>
                                    <table class="table table-striped">
                                        <tr>
                    <th>IP</th>
                    <th>Country</th>
                    <th>Date</th>
                  </tr>
                </thead>
                <tbody>
				<form method="post">
<?php
$SQLSelect = $odb -> query("SELECT * FROM `loginlogs` WHERE `username` = '$username' ORDER BY `date` DESC LIMIT 5");
while ($show = $SQLSelect -> fetch(PDO::FETCH_ASSOC))
{
$ip = $show['ip'];
$country = $show['country'];
$date = date("m-d-Y, h:i:s a" ,$show['date']);
echo '<tr><td><strong>'.htmlentities($ip).'</strong></td><td>'.htmlentities($country).'</td><td>'.htmlentities($date).'</td></tr>';
}
?>
</form>
                                        </tr>                                       
                                    </table>
</p>
                                        </div>  										
                                    </div>
                                </div>
                        </div>
                    </div>
                    
                </div>
                
            </div>
            <div class="page-sidebar"></div>
        </div>

    </body>
</html>
0

Poczytaj co to jest MVC, naucz się jakiegoś frameworka np. Symfony albo Laravel, i zrób to od początku. To co zrobiłeś to tzw. "spaghetti code", czyli coś czego należy unikać, bo bardzo ciężko się to czyta/analizuje, jest to podatne na błędy, i trudne w aktualizacji. Taki kod generalnie łamie chyba wszystkie możliwe wzorce projektowania aplikacji i zasady ich tworzenia.

0
  1. Moje IDE pokazujemy błędy parsowania HTMLa - sprawdź sobie to.
  2. Struktura formularzy jest mega zła. Zweryfikuj gdzie otwierasz i gdzie zamykasz tagi <form>
  3. Unikaj zagnieżdżania tagów <form> w innych formularzach
  4. Unikaj tego typu insertów: INSERT INTO `bans` VALUES(:username, :reason) - podawaj zawsze nazwy kolumn i odpowiednią ilość wartości; ułatwia to czytanie kodu, debugowanie i jest bezpieczniejsze
  5. Używaj bindValue zamiast wrzucania małych tablic z wartościami w execute

Jak poprawisz te 5 powyższych punktów to daj znać jeśli wciąż będą problemy.

1 użytkowników online, w tym zalogowanych: 0, gości: 1